Court fight upends $4B DHS software buy

NOTE: This article first appeared on FCW.com.

A $4 billion push to unify the disparate financial management systems at the Department of Homeland Security is stalled by a legal challenge from a vendor, putting at risk the latest in a long line of efforts to consolidate technology at the agency.

DHS is pursuing a two-track procurement to consolidate the multiple financial systems of its component agencies. The agency plans separate contracts for financial management software and software integration. Taken together, the procurement looks to combine financial management, asset management, procurement and business analytics across the sprawling DHS enterprise.

The effort is on pause while DHS fends off a protest lawsuit that alleges DHS designed the software part of the procurement (Enterprise Financial Management Systems or EFiMS) to privilege big vendors. The litigant is Savantage, a Maryland-based women-owned small business contractor, which has supplied financial services software to DHS since the agency's inception.

The lawsuit has been ongoing since November 2019, when the solicitations for the new contracts hit the street. The complaint is detailed and complex and gives some indication of the varied financial management environment at DHS and among its components. The agency uses financial management software from five different vendors across its 14 component agencies, a carryover from the department's original formation in 2002. The software solicitation states that the department would like to reduce the number of vendors it relies on to no more than two to focus on more standardized software solutions, increase efficiencies and reduce expenses.

The company is asking a judge for an injunction prohibiting the department from awarding the software contract and an order requiring DHS to revise the solicitation "to correct the many material flaws" that it says prevent a fair and open competition, according to court documents dating back to November 2019.

The Court of Federal Claims heard oral arguments in the case on Sept. 18. It's unclear when a decision might land.

Savantage argues it has "successfully supported the financial management needs of different DHS components since 2002 and "is fully capable of providing a financial management solution that meets the [new] solicitation's goals." The company argues that its background makes it more than qualified to compete for the job, but it alleges that "DHS constructed the [software] solicitation in a manner that restricts competition and precludes small – but highly capable – businesses, like Savantage, from competing on a level playing field."

Last month, government lawyers noted in a reply brief that Savantage, a bidder on the contract, could "very well receive an award to provide a modernized solution" but that the focus on the procurement was to replace old software, including that offered by Savantage.

"Savantage's legacy system is over 15-years old and provides ICE customers only one-third of the necessary integrated system – financial services. Accordingly, the replacement of Savantage's legacy, financial-only system (and legacy systems at other components) with an integrated system will occur under EFiMS.

An old story

Since its inception, DHS has been looking to unify its disparate elements into a single, cohesive agency and that effort – and its many missteps – is exemplified in a bid to consolidate financial management.

There have been three efforts since the passage of the Homeland Security Act to unify the legacy financial systems of DHS component agencies into a single solution that could streamline and improve financial reporting and leverage the size and buying power of the new department to reduce procurement costs. All have failed.

"In many respects, the story of this financial management system and the integration of disparate legacy systems, is the story of DHS," said Chris Cummiskey, a former deputy undersecretary for management who has been involved in previous efforts to stand up an integrated system. "Because when you look at the evolution of this over time, it really dates back to the first days of the department."

The patchwork of different, individual software systems that the component agencies brought with them has resulted in DHS components "operating under disparate policies and business processes" and some cases relying on "outdated technology" and "mostly non-integrated" systems, according to a 2019 DHS Office of Inspector General report.

Most of DHS component financial management systems are out of date and suffer from shortcomings inherent in legacy technologies. For example, the system used by the U.S. Coast Guard is so deficient it required the agency to obtain a waiver in lieu of an Authority to Operate on the Coast Guard network due to security concerns, according to an audit released in August. It also lacks functionality to update to current accounting classifications.

"People recognize that you can't have 12 or 15 large financial systems across the department if you want to be able to pull the kind of data that you need to have an integrated system, to have a department that doesn't have to do a manual data call … every time they need to respond to the Hill or maintain a clean audit opinion," said Cummiskey.

The troubled history of the project, along with high staff turnover at the CIO office and more broadly within the department's leadership ranks have caused overseers and appropriators in Congress to take a particular interest in monitoring the newest procurements to ensure similar mistakes that sunk past efforts aren't repeated.

DHS "has had some pretty spectacular failures when you look back at the history and in the process have spent billions of dollars, so obviously there's the concern about continuing to waste taxpayer money without having anything to show for it," said an aide to the House Homeland Security Committee majority who has been receiving quarterly briefings from the department on the project.

Small vendors, transformative projects

The debate captured in the court documents reflects the "push and pull in any of the large procurements that come out of DHS" these days, Cummiskey said. Smaller vendors believe that federal agencies are biased towards big brand contractors, while larger companies often complain about the number and size of mandatory set-asides for small businesses that are a feature of many large contracts.

"I think it's kind of the environment now where things are very competitive … and there's a little bit more friction I'm feeling between the Oracles and the big outfits versus those small companies that are trying to preserve or protect procurements that they have today," he said.

For some, the choice to bid out the software and integration portions simultaneously, or leave the door open for awarding multiple integrators, is a sign that DHS is at least trying something different rather than doing "the same thing over and over again expecting different results."

"No matter what I think, there's a risk with whatever approach they take," the House Homeland staffer said. "I think one silver lining for this even though it may be untraditional, it's not the same approach they've done before and know doesn't work."

Savantage can be forgiven for thinking that this procurement is oriented toward big players. The lawsuit cites comments made by then-DHS Deputy Under Secretary for Management Chip Fulghum during an April 2019 House Homeland Security Committee budget hearing that he met monthly with stakeholders on financial system modernization, including Oracle and IBM in advance of the procurements.

Fulghum's comments came in response to a question from lawmakers about what DHS had learned from previous failed attempts to set up an enterprise financial management system and what it was doing differently this time around. He said historically the department had relied too much on the Interior Department's Business Center (IBC), a procurement and payroll shared services provider, to act as a middleman for previous acquisitions and was seeking to gain more control over governance for large IT projects.

"What we saw in the IBC experience was simply there were too many folks between us and the folks actually doing the work," Fulghum said last year. "So, we had requirements but we had to go through IBC, who then went to their integrator contractor, who then went to the software provider," he told the committee. "We now have very strong lines of communication, strong oversight and governance. I meet with those folks once a week myself, they brief me on where this program is and how it's going. I meet with all stakeholders which includes our integrator as well as the software provider monthly to make sure we're all staying on the same page."

Asked who those contractors were, Fulghum cited Oracle and IBM. When asked to name any other companies, Fulghum replied, "That's it."

At least one DHS component, the Office of Health Affairs, has migrated from Savantage financial software to Oracle, and another three components agencies collectively referred to as TRIO (Customs and Border Protection, the U.S. Coast Guard and the Transportation Security Administration) are conducting a separate financial systems modernization that also uses Oracle software.

Can DHS get it done?

An award for the integrator portion of the project has been repeatedly delayed this year, and the ongoing legal challenge has the potential to substantially delay or even scrap the project in its current form.

That would be a disaster for a department that has already experienced too many setbacks during past efforts. While the need for a modernized, mostly-unified financial system will only continue to get more urgent, a common sentiment among those FCW spoke to is that patience among overseers in Congress and in the contracting community was already wearing thin. Another failure, or false start, would only further sap confidence in the maturity of the DHS' acquisitions approach.

"It really goes to the core of the criticism the department has had leveled against it by critics in Congress – of which there are many – that say you're not able to deliver on these large acquisitions," said Cummiskey. If the project is scrapped, "it's easy to point to it as another example of why the department can't get its act together."